httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Marcondes <bmarcon...@gmail.com>
Subject Re: [users@httpd] Mod_Proxy with Squid
Date Tue, 27 Jul 2004 22:52:45 GMT
Mauricio,

mod_proxy wont be able to spoof your client ips, you would need to
hack it (and the kernel) to make it work.
You may switch the order of your "proxy" .
Squid receive your clients requests and pass it all to an apache ( web
accelerator)  with mod_proxy and mod_clamav . This way you keep your
control access on squid (but loses on apache) , is a trade off you
cant avoid without spoofing ,

[]'s


----- Original Message -----
From: Mauricio Lara (NOVA) <mlara@novadevices.com>
Date: Fri, 23 Jul 2004 17:01:54 -0500
Subject: [users@httpd] Mod_Proxy with Squid
To: users@httpd.apache.org

 
Hi folks 
  
I have a big problem, I have mod_proxy and squid proxy on my network
because I need mod_clamav
virus checking 
  
I have this config 
  
Listen 8080 
ProxyRequests On 
ProxyVia on
ProxyPreserveHost On 
ProxyRemote * http://192.168.1.1:3128 
ClamavMode local 
ClamavTmpdir /var/tmp/clamav 
ClamavDbdir /home/clamav/share/clamav 
Include /home/etc/httpd/safepatterns.conf 
ClamavSizelimit 100000 
ClamavReloadInterval 3600 
<Proxy *>  
Order Deny,Allow 
SetOutputFilter CLAMAV 
</Proxy>  
<Location /clamav>  
SetHandler clamav  
</Location>  
 
  
You note that I use ProxyRemote to send traffic to my squid server the
problem is that
my squid server receives something like 
  
 

090619793.398 11775 192.168.1.2 TCP_CLIENT_REFRESH_MISS/200 74969 GET
http://www.interactive.net.ec/ - DEFAULT_PARENT/127.0.0.1 text/html
  
Where 192.168.1.2 is ip address from my web server but not my client
ip address (192.168.1.32)  then I lose every squid
config like control access because my client ip was masquerade to
server ip (192.168.1.2). You note in my config file
I have ProxyPreserveHost On  but doesnt work and my Client host ip
always is changed.
  
Please help me 
  
Mauricio 
  
  
  
  



-- 
"If you really want something in this life, you have to work for it.
Now, quiet! They're about to announce the lottery numbers..."
- Homer Simpson

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message